Skip to main content
CVE-2024-37633 HIGH POC This Week

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiGuestCfg. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow A3700r Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-37631 HIGH POC This Week

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via the File parameter in function UploadCustomModule. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow A3700r Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-37630 HIGH POC This Week

D-Link DIR-605L v2.13B01 was discovered to contain a hardcoded password vulnerability in /etc/passwd, which allows attackers to log in as root. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 605l Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-4145 HIGH POC This Week

The Search & Replace WordPress plugin before 3.2.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks (such as within a. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Search Replace
NVD WPScan
CVSS 3.1
7.2
EPSS
0.4%
CVE-2024-32925 HIGH This Week

In dhd_prot_txstatus_process of dhd_msgbuf.c, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-5950 HIGH This Week

Deep Sea Electronics DSE855 Multipart Value Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Dse855 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-5948 HIGH This Week

Deep Sea Electronics DSE855 Multipart Boundary Stack-Based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Dse855 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-5924 HIGH This Week

Dropbox Desktop Folder Sharing Mark-of-the-Web Bypass Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Dropbox Desktop
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-36586 HIGH This Week

An issue in AdGuardHome v0.93 to latest allows unprivileged attackers to escalate privileges via overwriting the AdGuardHome binary. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-29168 HIGH This Week

Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal assets REST API. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SQLi Dell Secure Connect Gateway
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-36396 HIGH This Week

Verint - CWE-434: Unrestricted Upload of File with Dangerous Type. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Workforce Optimization
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-34111 HIGH PATCH This Week

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Adobe Commerce Commerce Webhooks Magento
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-38284 HIGH This Week

Transmitted data is logged between the device and the backend service. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2024-38281 HIGH This Week

An attacker can access the maintenance console using hard coded credentials for a hidden wireless network on the device. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Vigilant Fixed Lpr Coms Box Firmware
NVD
CVSS 4.0
8.6
EPSS
0.4%
CVE-2024-38282 HIGH This Week

Utilizing default credentials, an attacker is able to log into the camera's operating system which could allow changes to be made to the operations or shutdown the camera requiring a physical reboot. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-37029 HIGH This Week

Fuji Electric Tellus Lite V-Simulator is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Tellus Lite V Simulator
NVD
CVSS 4.0
8.5
EPSS
0.3%
CVE-2024-37022 HIGH This Week

Fuji Electric Tellus Lite V-Simulator is vulnerable to an out-of-bounds write, which could allow an attacker to manipulate memory, resulting in execution of arbitrary code. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Tellus Lite V Simulator
NVD
CVSS 4.0
8.5
EPSS
0.3%
CVE-2024-37164 HIGH PATCH This Week

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Microsoft Computer Vision Annotation Tool
NVD GitHub
CVSS 3.1
8.5
EPSS
0.3%
CVE-2024-32860 HIGH This Week

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

RCE Dell Alienware Area 51M R2 Firmware Alienware Aurora R11 Firmware Alienware Aurora R12 Firmware +19
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2024-32859 HIGH This Week

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

RCE Dell Xps 8960 Firmware Xps 8950 Firmware Inspiron 3502 Firmware +20
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2024-32858 HIGH This Week

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

RCE Dell Xps 8960 Firmware Xps 8950 Firmware Inspiron 3502 Firmware +20
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2024-34104 HIGH PATCH This Week

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Adobe Commerce Commerce Webhooks Magento
NVD
CVSS 3.1
8.2
EPSS
0.8%
CVE-2024-32929 HIGH This Week

In gpu_slc_get_region of pixel_gpu_slc.c, there is a possible EoP due to a use after free. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Use After Free Denial Of Service Memory Corruption Android
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2024-29169 HIGH This Week

Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal audit REST API. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SQLi Dell Secure Connect Gateway
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-34103 HIGH PATCH This Week

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Adobe Privilege Escalation Commerce Commerce Webhooks +1
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2024-0099 HIGH This Week

NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where the guest OS could cause buffer overrun in the host. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Nvidia Denial Of Service
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-0091 HIGH This Week

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user can cause an untrusted pointer dereference by executing a driver API. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Nvidia Denial Of Service Microsoft Gpu Display Driver +2
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-0090 HIGH This Week

NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bounds write. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Memory Corruption RCE Information Disclosure +5
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-0089 HIGH This Week

NVIDIA GPU Display Driver for Windows contains a vulnerability where the information from a previous client or another process could be disclosed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Information Disclosure Nvidia Microsoft Gpu Display Driver +2
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-0085 HIGH This Week

NVIDIA vGPU software for Windows and Linux contains a vulnerability where unprivileged users could execute privileged operations on the host. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Denial Of Service Microsoft Virtual Gpu Cloud Gaming
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-0084 HIGH This Week

NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where the guest OS could execute privileged operations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Nvidia Denial Of Service Virtual Gpu +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-32919 HIGH This Week

In lwis_add_completion_fence of lwis_fence.c, there is a possible escalation of privilege due to type confusion. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-32909 HIGH This Week

In handle_msg of main.cpp, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-32908 HIGH This Week

In sec_media_protect of media.c, there is a possible permission bypass due to a race condition. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Race Condition Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-32907 HIGH This Week

In memcall_add of memlog.c, there is a possible buffer overflow due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-32906 HIGH This Week

In AcvpOnMessage of avcp.cpp, there is a possible EOP due to uninitialized data. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-32903 HIGH This Week

In prepare_response_locked of lwis_transaction.c, there is a possible out of bounds write due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-32901 HIGH This Week

In v4l2_smfc_qbuf of smfc-v4l2-ioctls.c, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-32900 HIGH This Week

In lwis_fence_signal of lwis_debug.c, there is a possible Use after Free due to improper locking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Use After Free Denial Of Service Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-32896 HIGH KEV THREAT This Week

there is a possible way to bypass due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
3.0%
CVE-2024-32895 HIGH This Week

In BCMFASTPATH of dhd_msgbuf.c, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-32892 HIGH This Week

In handle_init of goodix/main/main.c, there is a possible memory corruption due to type confusion. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-29787 HIGH This Week

In lwis_process_transactions_in_queue of lwis_transaction.c, there is a possible use after free due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Use After Free Denial Of Service Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-29784 HIGH This Week

In prepare_response of lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-36587 HIGH This Week

Insecure permissions in DNSCrypt-proxy v2.0.0alpha9 to v2.1.5 allows non-privileged attackers to escalate privileges to root via overwriting the binary dnscrypt-proxy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-32504 HIGH This Week

An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 850, Exynos 1080, Exynos 2100, Exynos 1280, Exynos 1380, Exynos 1330, Exynos W920, Exynos W930. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung Memory Corruption Exynos 850 Firmware Exynos 1080 Firmware +6
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-31956 HIGH This Week

An issue was discovered in Samsung Mobile Processor Exynos 2200, Exynos 1480, Exynos 2400. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung Memory Corruption Exynos 2200 Firmware Exynos 1480 Firmware +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-34115 HIGH PATCH This Week

Substance3D - Stager versions 2.1.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Memory Corruption Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-20753 HIGH This Week

Photoshop Desktop versions 24.7.3, 25.7 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Photoshop
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-2098 HIGH PATCH This Week

The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to an improper authorization check on the 'protectMediaLibrary' function in all versions up to, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Authentication Bypass Download Manager
NVD
CVSS 3.1
7.5
EPSS
1.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy